Cleanly override classes in Puppet

I maintain a rather large Puppet configuration. Each of the services running on my servers have their own Puppet modules. This keeps things clean, but does present a challenge in maintaining one-offs for specific servers.

Take for example SSH. I have an SSH module which installs the openssh service, and maintains the sshd_config file. Any server classes needing the SSH daemon simply include this module. However, some of the servers need special config options placed in sshd_config. Most admins decide to put conditionals in their modules to account for this, but I believe that breaks one of the main tenants of a modular configuration: The modules should have no concept of the servers that may include them.

The answer to this problem is overrides. Puppet’s language is pretty quirky, but it does have support for some very basic class overrides. One of the requirements is that an override must exist in a class inheriting the class where the override needs to occur. This presents another problem, as I wouldn’t want to have my server class inheriting an SSH module. The solution is to have the server class include a class which inherits the sshd-module class. From this “override class”, it is possible to override any resources existing in the inherited class.

class mysqlServer {
  include sshd-module

  include mysqlServer::sshd  # Inherits sshd-module

class mysqlServer::sshd inherits sshd-module {
  File["/etc/ssh/sshd_config"] {
    source => "puppet:///mysqlServer/sshd_config",
Share and Enjoy:
  • StumbleUpon
  • Facebook
  • Twitter
  • Reddit
Cleanly override classes in Puppet

One thought on “Cleanly override classes in Puppet

Leave a Reply

Your email address will not be published.